
Group owners SHALL NOT be allowed to consent to applications.

Why This Matters

If group owners can consent to applications, they may inadvertently grant permissions that expose sensitive organizational data or introduce security vulnerabilities. This risk increases in large environments where group owners may not fully understand the implications of application consent, leading to unauthorized data access or compliance violations. Restricting this permission helps maintain centralized control over application access and reduces the attack surface.

What Aether365 Checks

Aether365 verifies that group owners in Microsoft Entra ID are prohibited from consenting to applications. This check appears in the Aether365 dashboard under the entra-id checks section, flagged with a Medium severity alert.
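As an added example (not Aether365's implementation), the same condition can be evaluated offline against exported tenant configuration. It assumes the input is the JSON returned by Microsoft Graph for `policies/authorizationPolicy` and `groupSettings`; the function name and the sample data are constructed for illustration.

```python
"""Offline evaluation of exported Entra ID consent settings (added example)."""

# Assumption: group-owner consent policies are assigned under this prefix in
# defaultUserRolePermissions.permissionGrantPoliciesAssigned.
OWNER_PREFIX = "managepermissiongrantsforownedresource."


def group_owner_consent_findings(auth_policy, group_settings):
    """Return the reasons the tenant still lets group owners consent to apps."""
    findings = []
    perms = auth_policy.get("defaultUserRolePermissions") or {}
    for policy_id in perms.get("permissionGrantPoliciesAssigned") or []:
        # User self-consent entries (ManagePermissionGrantsForSelf.*) are a
        # different control and are deliberately ignored here.
        if policy_id.lower().startswith(OWNER_PREFIX):
            findings.append(f"authorizationPolicy assigns {policy_id}")
    for setting in group_settings:
        if setting.get("displayName") != "Consent Policy Settings":
            continue
        for item in setting.get("values") or []:
            enabled = str(item.get("value", "")).strip().lower() == "true"
            if item.get("name") == "EnableGroupSpecificConsent" and enabled:
                findings.append("Consent Policy Settings: EnableGroupSpecificConsent=true")
    # Limitation: a tenant with no Consent Policy Settings object is not
    # flagged by the second loop; only explicit enablement is reported.
    return findings


# Constructed sample exports, not taken from a real tenant.
OPEN_POLICY = {"defaultUserRolePermissions": {"permissionGrantPoliciesAssigned": [
    "ManagePermissionGrantsForSelf.microsoft-user-default-low",
    "ManagePermissionGrantsForOwnedResource.example-policy-id",
]}}
OPEN_SETTINGS = [{"displayName": "Consent Policy Settings", "values": [
    {"name": "EnableGroupSpecificConsent", "value": "True"},
]}]
HARDENED_POLICY = {"defaultUserRolePermissions": {"permissionGrantPoliciesAssigned": [
    "ManagePermissionGrantsForSelf.microsoft-user-default-low",
]}}
HARDENED_SETTINGS = [{"displayName": "Consent Policy Settings", "values": [
    {"name": "EnableGroupSpecificConsent", "value": "false"},
]}]

if __name__ == "__main__":
    for reason in group_owner_consent_findings(OPEN_POLICY, OPEN_SETTINGS):
        print("FAIL:", reason)
```

An empty result means neither export shows group owner consent enabled.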
